h4|ESM - Your Digital Information Security Management System
sp|Efficient ICT Compliance - "State once, measure many"
Work efficiently with several standards and frameworks in parallel: ISO27000, NIST, EBA and EIOPA ICT Guidelines, PCI-DSS and more.
Combines a management system for ICT continuity, Information Security and ICT Compliance.
Work with dynamic Internal Control activities to control your organisation.
Get efficient support in controlling Suppliers with respect to Information Security, Business Continuity, ICT Compliance and treatment of Personal Data.
Some benefits of using ESM
Financial Institutions
"State once, measure many" - measure compliance with many regulatory requirements efficiently.
Import own standards and get compliance reports with ease.
Maintain your Information Security Architecture in a dynamic and highly regulated environment
Integration of FFFS2014:1, :4 and :5 from Swedish Financial Supervisory, PCI-DSS, ISO/IEC27001, ISO27002
Integrated support for Dynamic register for GDPR, Article 30
Support for Data Protection by Design and Default
sp|FREQUENTLY ASKED QUESTIONS
From time to time we get questions about ESM - Enterprise Security Modeller, and below we try to give a brief summary of these as well as our answers.
01 "Who should use ESM?"
We believe that there are many different roles that would benefit from using ESM - Enterprise Security Modeller.
- The IT-Architect: ESM provides a visual, simple and specific tool for modelling processes, information, applications and IT-systems. We provide a modelling tool that is accessible to many others, so the IT-Architect will be able to share his/her models with others, enabling a common, shared model and more effective collaboration.
- The Information Security specialist: ESM provides support for sharing requirements on ISO/IEC27000 controls in processes, applications and in IT-systems.
Thus a security specialist will be able to work efficiently in sharing requirements, following up on compliance and providing support on how to implement security controls. With ESM's process view, people within the organisation may also get support in security related processes, such as Information Classification etc.
- The IT-Manager: ESM provides a simple and visual model of information flows between applications, in what infrastructure a specific application is running and where sensitive information is stored. This provides fast and easily accessible information that supports the decision process for Managers.
- Risk Managers and CISOs that want to provide their organisations with support in a distributed process for Risk Identification and Analysis. ESM's efficient workflow with support from ISO/IEC27005 will support your organisation.
- Data Privacy Officers and similar that want effective support for GDPR Article 30 and to start working with Data Protection by Design with support from ISO/IEC27018.
02 "What organisations should use ESM?"
We believe that ESM is best suited for Small and Medium sized Enterprises that need support in improving their Information Security governance. ESM supports collaboration and offers effective means for a smaller team of Information Security specialists to reach out to their organisation. ESM is also suitable for complex IT-systems where several specialists need to collaborate around Compliance and Information Security.
03 "Can ESM provide support in Information Classification?"
ESM - Enterprise Security Modeller has built-in support for effective and efficient classification of Information objects in terms of confidentiality, integrity, availability and traceability. With the ISO/IEC27000 module the classification will result in security requirements being apportioned to those applications, processes and/or IT-systems that actually use the information objects.
This will make it possible to implement an effective process for information classification that supports owners of applications and processes.
04 "Is ESM providing any support for GDPR?"
ESM - Enterprise Security Modeller provides support for GDPR as you can classify information objects and processes with labels from GDPR. This makes it possible for an organisation to work with classification of information, trace where privacy information is actually stored and processed, and integrate process support for important processes required by GDPR, e.g. incident management. With ISO/IEC27018 and ISO/IEC27701 you get support in working with data protection and GDPR.
05 "Can I import information into ESM?"
ESM - Enterprise Security Modeller has no built-in support for importing information; however, we have successfully helped some of our clients in importing information from Excel and Sparx Enterprise Architect.
06 "How do I pay for ESM?"
ESM - Enterprise Security Modeller wants to support collaboration, therefore you can have as many Read-only users as you want. What you pay for is the Read-write users. We also have an add-on to our base model for supporting ISO/IEC27000.
07 "Can ESM help me with ISO-certification?"
ESM - Enterprise Security Modeller has ISO/IEC27000 built in for paying customers (for licensing reasons). You will still need to document your Information Security Policy and some other guidelines. The strength of ESM is the ability to manage processes, information and IT-systems in the same tool. The integrated support for information classification and connection with ISO-controls in ISO/IEC27002 will help you to detail which processes, applications and devices need to comply with specific ISO-controls. With ESM you may also distribute the responsibility to report compliance with the ISO-controls to process owners, applications and devices.
At the moment we are looking for: We are a software company located in the heart of Stockholm in Sweden, driven by one vision: to simplify information security! We believe that information security is too important to be left in the hands of specialists only, and that we need to get more competencies working together to help secure the digital society of today and tomorrow.
h5|IT Architect/InfoSec Expert
sp|JOIN THE TEAM
We want to find smart creatives to help us build a safer Internet. Are you interested in working for us?
OPEN POSITIONS
Unlike many startups, we are financing our own software development through consulting in information security and architecture, which leaves us with much freedom to choose our own direction. We work in an agile fashion, but are mature enough to stay away from the no-planning chaos. We are currently looking for IT or Solution Architects with an interest in growing into the field of InfoSec, or InfoSec specialists willing to dabble with Architecture questions such as information and process modelling. You will become an integral part of our consulting team and push the envelope of our tool ESM - Enterprise Security Modeller.
About you
You are a self-driven team player striving for both personal and collective progress. While you enjoy wandering between the borderless realm of imagination and tinkering with abstract mathematical concepts, you are well grounded with both feet. You value input and feedback, and consider listening to others' ideas as important as communicating your own. You approach people inclusively and believe in diversity. If you are the person we are looking for please drop us a line here:
di|UPDATED - Network problems in production environment 11:05 - Our IT partner has solved the problem. The disturbances were connected with their core routers. We are experiencing intermittent...
ESM release v 3.8.0 During last week we released a new version of ESM. Try it out!
https://lnkd.in/dd7n7QU #informationsecuritymanagement #infosecurity #regtech
ESM release v 3.7.0 Yesterday we released a new version of ESM. Since we became one developer short we needed to reprioritise, but all the same we managed...
ESM release 3.5.0 Our December release, which we planned for the 22nd of Dec, was late and we were forced to leave the new authority model outside the...
You are Great, We Hire! We are looking for Information Security Specialists with 2-4 years of experience with practical work with Information Security. Do you...
Access Control in SMEs We want to share some thoughts on how SMEs may work with a simple process for controlling access to IT Systems. Larger organisations...
ESM version 3.4.0 is released
Working with standards In this article published on Linkedin we provide some examples on how ISO/IEC27000 may help you in implementing an Information Security...
Upcoming certifications for our customers! We are thrilled that several of our customers are ready for certification meetings the upcoming 1-2 months. They are all using ESM -...
Welcome Anton Bjöörn Innovate Security has hired another brilliant developer! Anton is newly graduated from KTH (www.kth.se) and has a Master in Computer...
Welcome Anders Berg! Innovate Security welcomes Anders Berg as our Head of Professional Services! Anders will be responsible for our "as a Service" portfolio,...
Innovate Security is ISO/IEC27001 certified We are proud to present our certificate
Summer greetings from Innovate! The holidays will soon begin for many, and we want to take the opportunity to tell you a little about what has happened with us during the first half of the year and what is...
Release 3.0.0 deployed We have updated our support for ICT Readiness for Business Continuity. This is now a new module, without this module the...
ESM version 2.9.0 About a week late, but here it is: our latest release, which greatly improves work with templates.
ArkivIT and Innovate Security in partnership ArkivIT and Innovate Security start a partnership for supporting customers within Information Security and Compliance. See more here:...
Release 2.8.0 is ready
ESM moves to Sweden ESM is moved to a Swedish ISO/IEC27001 certified Cloud Provider.
Release 2.7.0 Improved process modelling functionality Top level processes are now possible to lay out just as in the other process diagrams. It is now...
Release 2.6.4 Fixed performance issues in large models. Added functionality for administrator to set values for SMS OTP timeout.
sp|CONTACT US
Drakens Gränd 1 111 30 Stockholm
DO YOU WANT TO TEST ESM OR SIMPLY ASK US A QUESTION? DROP US A LINE...
Innovate Security values and respects your privacy. We ensure that collection and processing of personal data will always be done responsibly with due care for your integrity and rights.
In general terms we will only be collecting two categories of privacy information: Information we need for you to be able to use our service ESM, and Information that we will use for marketing purposes.
Category 1 includes: Contact information that you provide in your profile such as name, email address, phone number. Payment details
Category 2 includes: Contact information such as name, company, position, email address, phone number.
The distinction between the two categories is very important as the first category is due to the legal agreement of you using our service ESM. For the second category you will always have the right to refuse further marketing and the right to be forgotten.
For the first category we will only collect the information that you enter upon starting the ESM service and store it for you as long as you are a customer of ours. Any information that we are not mandated to store for other legislative purposes will be deleted from Innovate Security's systems.
For the second category our marketing team will collect and use the information strictly for marketing purposes such as sending out offers, contacting prospects, etc. Innovate Security will regularly, once a year, send out an offer to opt out to those that are on the list. If no answer is provided, you will be removed from the list.
Legal ground for processing: To fulfill our contractual requirements and to verify the identity of users Automated decisions: No
Legal ground for processing: Legitimate interests for Innovate Security Automated decisions: No
We might in some cases transfer and share the information with selected partners like IT service providers. We will make sure that your information is handled safely and with adequate technical and organisational security controls.
All data in ESM is stored and processed within Sweden. We always strive to also keep marketing data within EU/EEA. Marketing data can, though, in some cases be transferred and processed in a country outside of the EU/EEA by a partner or supplier. We will in those cases make sure reasonable actions are taken so that the data will be protected according to the same protection level as offered within EU/EEA.
As mentioned above you have the right to access what information we have on you, correct that data and the right to be forgotten. Right to access - You can request a copy of privacy information we have on you and make sure that it is ok. You have the right to correct wrong or incomplete privacy information on yourself. You also have the right to be deleted or forgotten in those cases where the data is no longer needed for the processing purposes.
There can, though, be other legislation stating that the data needs to be kept for a longer period of time.
Innovate Security uses cookies to provide the services and features offered on our website, and to improve our user experience. For more information, please check the cookie statement
Innovate Security Sweden AB Drakens Gränd 1 111 30 Stockholm
h1|PRIVACY POLICY
h5|Thank you for choosing Innovate Security! What privacy information will we be collecting? How do we process your information? With whom will we share your information? Where do we process your information? Your rights to access, correction and deletion of your information? What about cookies? Contact us:
sp|MEET THE TEAM
Innovate Security develops software for visualising security and compliance requirements by modelling information, application and processes. The software supports Innovate Security's own work flow model for implementing Information Security within Development and Maintenance processes.
+46 (0) 704 50 59 65 Tim Sönderskov CEO, Partner Experienced IT-manager with a business perspective. Previous experience from Project Management, Company Management and Organisational Change
Anders Fristedt Founder & Product Manager ESM Experienced Information Security specialist with a long range of successful assignments. Previous experiences range from Manager roles, Co-Founder in start-ups and consultant within Information Security and Risk Management +46 72-578 37 33
+46 70-202 52 11 Daniel Liliehöök Head of Development & Co-Founder Experienced IT-architect with a business perspective. When designing IT solutions I always question and care for the larger picture as well as the nitty gritty details...
Erik Andersson Software Development, Partner +46 76-866 74 00
Jonas Ransjö Software Development, Partner
Per Strömsjö Information Security Expert, Consultant Experienced teacher within Operational Risk, Information Security and Board Member at Riskkollegiet (Twitter: @riskkollegiet). +46 (0)72 548 52 50
Anders Berg Sales Associate Experienced Manager with extensive sales experience from solution selling.
Johnny Slätt Information Security Specialist +46 (0)70 144 22 88
Natalie Bohman Student and Junior Consultant
Hampus Englund Student and Junior Consultant
Irene Montin Project Manager, associated Irene is a pragmatic and experienced Project Manager who is associated with Innovate Security in selected customer assignments. Irene is self-employed
JOIN THE TEAM
We want to find smart creatives to help us build a safer Internet. Are you interested in working for us? Please contact us by using the form below.
At the moment we are only looking for: IT Architects with experience in working with Information Security, IT security and/or Cybersecurity. Information Security Specialists
ArkivIT Swedish Institute for Standards
sp|Our partners
di|Mon 12 Apr. Teams meeting 12 Apr. 15:00 – 19:00 CEST In this webinar experts from Innovate will show features and functionality in ESM with concrete examples. The Webinar will be recorded. In this Webinar we will show how to work with classifications and information security architecture. Existing customers will be prioritised.
Mon 03 May Teams meeting 03 May 15:00 – 19:00 CEST In this webinar experts from Innovate will show features and functionality in ESM with concrete examples. The Webinar will be recorded. We will show how to work with ICT Compliance with several frameworks and/or standards. Existing customers will be prioritised.
h1|Upcoming Events
sp|ESM - choose your size
ESM Small 1 Read/Write User Up to 5 Read Only users
ESM Medium 5 Read/Write User Unlimited Read Only users
ESM Large Unlimited users
ESM - functional modules
ESM Base Basic modelling functionality Information Security Architecture Information Classification, Business Criticality classification GDPR Article 30 registry Data Protection by Design Asset Based Risk Assessment Included in all sizes
ESM Finance Nordic Financial Supervisory regulations, e.g. FI FFFS2014:1, FFFS2014:4 and FFFS2014:5 PCI-DSS EBA Guideline for Outsourcing EBA Guideline for ICT Risk and Security Risk Management (EBA/GL/2019/04) Statements of Applicability for all standards Compliance Reports Requires ESM Medium or ESM Large
ISO Module Integrated ISO standards: ISO/IEC27001 ISO/IEC27002 ISO/IEC27005 ISO/IEC27018 ISO/IEC27701 Statements of Applicability for 27001, 27002 Compliance Reports
Internal Control and Own standards Implement your own standards and create Statements of Applicability "State once, measure many", work with compliance with different regulations Implement your own Internal Control program. Compliance Reports Requires ESM Medium or ESM Large
BCM Module Integrated ISO/IEC 27031 with Statement of Applicability Integrated support for BCM Supplier BCP follow up Internal Controls for BCM Compliance Reports Requires ESM Medium or ESM Large
Start your free trial of ESM now! ESM Base is included in Free Trial. Innovate Security can easily update your trial account if you want to test the other modules. Contact us through the User Interface of ESM.
di|Release 2.6.0 Improvements regarding Named Organizations, Search Filters, ISO/IEC 27001 and ISO/IEC27002 available in Swedish, creating a SOA for...
Beat the Cybersecurity Skills Shortage - excellent report by Tom Scholtz "Conventional wisdom dictates that an increase in cybersecurity threats requires ever-larger IT Security teams", the report provides some...
Release 2-5-3 Hotfix: confusing special case of information classification An information object inheriting attributes with lower classification also...
Release 2.5.0 Named Organizations A list of external organizations has been added under Resources. The fields for Controller, Processor(s) and Third...
Release 2.4.0 Event History All changes (creations, updates and deletions) are stored and viewable either in a global history table or per object. The...
Release 2.3.0 Language support ESM is now available also in Swedish. Various minor fixes The date a risk analysis was closed is now shown in the closed...
Release 2.2.5 Updates to risk module Assets and risks are now part of a selected risk analysis.
Release 2.2.0 Live model updates for simultaneous users All updates a user makes in ESM are now immediately propagated to all other logged in users....
Release 2.1.0 Demands & Statements on processes and documents Statement(s) of Applicability (of ISO 27000) can set demands for security controls on...
SIS and Innovate launch SIS-ESM Innovate and SIS - the Swedish Institute for Standards - are jointly launching SIS-ESM; a practical and effective way to work with ISO...
Release 2.0.4 Minor fixes in the risk identification module New ISO standards in the 27000-series added
ESM 2.0 Major release with new fundamental functionality: Support for Risk Analysis with a simplified workflow based on ISO standards. Improved...
Release 1.9.10 Security Mechanisms Using Security Mechanisms is a way for organisations to detail how they interpret and intend to implement controls...
A summary of Information Security trends (3/3) Continuing our discussion on a few trends within Information Security, here are trend 5 and 6. You are free to use this information as...
A summary of Information Security trends 2/3 Continuing our discussion on a few trends within Information Security, here are trend 2, 3 and 4. You are free to use this information as...
A summary of Information Security trends (1/3) The purpose of Information Security is to protect organisations' business and their employees. In order to prioritise investments and...
ESM Release 1.9.5 New field, 'applicable law', in processing form When legal ground 'compliance with legal obligations' is selected, the applicable law can...
ESM Release 1.9.0 Automated life cycle management for instances of ESM
ESM Release 1.7.3 Added OpenAPI 3.0 specification The API can now be explored at the endpoints /api/openapi and /swaggerui.
ESM Release 1.7.1 Slightly improved browser support Consolidated the look of menus, tooltips and navigation trees Processes now inherit the owner of their...
di|ESM Release 1.7.2 Filters of information objects now respect attributes inherited via associations
ESM Release 1.7.0 Add multiple selection of diagram nodes You can now select (and drag) multiple diagram nodes by shift-clicking or dragging a rectangle...
ESM Release 1.6.3 Add legal exception field for processing of special categories of personal data Fix descriptive labels of information object associations...
ESM Release 1.6.0 Attributes can now be inherited via associations Processes now display all processings and applications of their subprocesses
ESM Release 1.5.2 Added export function to all tables Improved display of name and paths in process diagrams Improved visibility of long object names in...
ESM Release 1.5.1 Minor fixes
ESM Release 1.5.0 GDPR Reporting
Release 1.3.0 Various bugfixes
Release 1.4.0 Revamped lists.
Release 1.2.0 Enabled support for inherited information attributes
Release 1.1.0 Added Security Services Security Services, which provide a number of Security Controls, can now be added to applications, devices,...
Release 1.0.0 First non-beta release Various bugfixes, new functionality, and redesigned graphical user interface.
Know your information! The “I” in IT stands for information. Still, most IT-departments focus only on the technology and software part, and not on the actual...
How we think about UX or "God help me if this is a dud" Usually when we, we as "we in the it-industry", talk about User experiences we talk about it in the context of an application or website....
abc123, encryption your worst nightmare Encryption, the word indicates security, assurance, and trust. But encryption really means making information unavailable, so why are we...
ideoPlayButton":true,"galleryLayout":2,"targetItemSize":940,"selectedLayout":"2|bottom|1|fill|true|0|true","layoutsVersion":2,"selectedLayoutV2":2,"isSlideshowFont":false,"externalInfoHeight":0,"externalInfoWidth":0.5},"container":{"width":940,"galleryWidth":972,"galleryHeight":0,"scrollBase":0,"height":null}} 3 sp|Daniel Apr 26, 2019 1 min 0 comments Daniel Apr 10, 2019 1 min 0 comments Daniel Apr 2, 2019 1 min 0 comments Daniel Mar 27, 2019 1 min 0 comments Daniel Mar 13, 2019 1 min 0 comments Daniel Mar 8, 2019 1 min 0 comments Daniel Mar 6, 2019 1 min 0 comments Daniel Feb 1, 2019 1 min 0 comments Daniel Feb 1, 2019 1 min 0 comments Daniel Dec 14, 2018 1 min 0 comments Daniel Dec 4, 2018 1 min 0 comments Daniel Nov 7, 2018 1 min 0 comments Daniel Apr 20, 2018 2 min 0 comments Innovate Blog Posts Feb 21, 2018 2 min 0 comments Innovate Blog Posts Feb 21, 2018 2 min 0 comments ISO support in partnership with Swedish Institute for Standards. Connect requirements and security controls from ISO with your assets and maintain an updated status of compliance. A measurable Information Security Management System. . The controls will then be automatically distributed amongst relevant objects. Delegate control and get a measurable implementation of Business Continuity Planning. Integration of ISO/IEC27031 with a Statement of Applicability is included. A common model, a common view of compliance and the level of protection of sensitive assets. sp|ESM ​ ENTERPRISE SECURITY MODELLER Why ESM? Take control over Information Security using a visual model of Information Security Architecture An effective way to maintain compliance with regulations and frameworks. Design your own Internal Controls and monitor compliance. 
Import your own standards and frameworks and create Statements of Applicability for them, "state once, measure many"
Support in Asset Based Risk Identification
A visual and effective GDPR-repository and support in Data Protection by Design
A visual and effective support for working with Business Continuity Planning, including ISO/IEC27031
Integrate support for standards, regulations and frameworks e.g. ISO/IEC27000, EBA Guideline on ICT Risk and Security Management, EBA Guideline on Outsourcing arrangements, EIOPA Guideline on ICT Risk and Security Management, PCI-DSS, CSA CCM, 20 CIS Controls and more.
SIGN UP
Get busy and start today! Synchronize your team and let everyone instantly see how they can contribute to making your organization safer by adding read-only users without cost.
*ESM Base is included in trial, contact Innovate Security for testing of the other modules.
Start free trial
ENTERPRISE SECURITY MODELLER
KNOW AND PROTECT YOUR INFORMATION
ESM - Enterprise Security Modeller is a simple visual modelling tool that helps you know and protect your valuable assets. ESM will guide you to document precisely what is needed to support your business needs in information security and regulatory compliance.
In ESM you don't get just another modelling tool - you get our built-in expert advice on what to model and how to do it right!
Benefits: visual and simple repository of processes, information, suppliers and IT-systems. Get instant reports of compliance, security requirements and work with your own standards and/or frameworks.
AS SIMPLE AS POSSIBLE - BUT NOT SIMPLER
ESM is designed to be as simple as possible, but not simpler. This will help you spend your time on just the right documentation and modelling that is needed to keep your information safe and comply with regulatory demands such as GDPR.
Benefits: don't lose time with unnecessary details, document important assets and connect them to Information Security Architecture, frameworks and regulations
INTERNATIONAL STANDARDS FOR INFORMATION SECURITY
Working with Information Security is complex; the use of standards will let you use the collective experience of other organisations. ESM has built-in support for ISO/IEC 27000, letting you efficiently connect Information Classification with the requirements in several standards. This enables more efficient collaboration on which controls should be implemented where, and follow-up of compliance.
ISO/IEC27001 - Information Security Management
ISO/IEC27002 - Information Technology, Security techniques, Code of Practice for security controls
ISO/IEC27005 - Information Technology, Security techniques, Information Security Risk Management
ISO/IEC27018 - Information Technology, Security techniques, Code of practice for protection of personally identifiable information (PII) in public clouds acting as PII processors
ISO/IEC27701 - Information Technology, Extension to ISO/IEC 27001 and ISO/IEC 27002 for privacy information management — Requirements and guidelines
Benefits:
MAPPING OF GDPR
The easy-to-use, fast and efficient modelling of processes, information and IT-systems lets you track information that needs to be compliant with GDPR and where that information is processed and/or stored. ESM offers a visual and simple way of working with the protection and handling of privacy information that will enable collaboration between specialists. ISO/IEC27018 and ISO/IEC27701 provide support on what security controls should be applied to protect Your personal data. One step closer to Data Protection by Design.
Benefit: Keep your repository updated and measurable, get instant reports of where your sensitive data is and how it is processed.
Managing ICT Readiness for Business Continuity
The built-in connection between processes, IT-applications and organisations makes ESM ideal for working with Business Continuity. Classify processes and connect the Criticality levels with requirements on Backup & Restore, Recovery Documents and other technical or administrative controls.
Benefit: Get rid of Excel sheets and work with dynamic data that enables an efficient and effective Business Continuity program. Get compliance reports down to specific organisations and business applications.
A PLATFORM FOR COLLABORATION
Information security is too important for your company to leave it to specific experts alone. Information Security has to be built into all areas of your business; from business processes, IT-architecture and physical infrastructure. More people need to be involved and collaborate - directly or indirectly - to keep your information safe.
Benefits:
Start free trial
st|Support for Risk Analysis with a simplified workflow based on ISO standards. Improved and enhanced functionality to work with Statements of Applicability for Security Standards. The introduction of Security Mechanisms that will greatly enhance the ability to work with security compliance. The introduction of Named Documents will enable tracking governing documents such as policies, instructions and agreements.
sp|Daniel Aug 31, 2019 1 min read ESM 2.0 Major release with new fundamental functionality:
sp|ISO/IEC27000 readiness Innovate Security will help you implement ISO/IEC27001 and ISO/IEC27002 and make sure that your organisation is ready for a certification. Following a structured and well-prepared work flow we will guide You and Your Organisation from start to finish and act as "Chief Information Security Officer on demand".
What You will get: A digital Information Security Management System adapted to Your Organisation. Facilitation through workshops by experienced experts within the field.
Governing documents and an Information Security Architecture following international frameworks and standards Contact us
Financial ICT Compliance Innovate Security will facilitate a set of workshops where we will guide You through modelling of relevant information and where that information is stored and/or processed. Your IT organisation will be ready for compliance with the relevant Financial regulations in Sweden. We will facilitate an Internal Control program that will ensure that Your Internal and External Audits will run smoothly and reduce remarks.
What You will get: An effective Internal Control program based on the common regulations and Audit Controls within the Financial Market. Efficient compliance reporting of FFFS2014:1, FFFS2014:4 and FFFS2014:5 as well as EBA Guideline on ICT Security and Risk Management. An effective Information Security Architecture that enables requirements follow-up on Suppliers and Cloud Services. Contact us
ICT Readiness for Business Continuity Managing Business Continuity is complex and time consuming. Innovate Security simplifies this process for your IT organisation so that you get a visual and up to date model of how your critical processes are connected with Business Applications and Suppliers. During this process we will also set up a Management System for controlling Backup & Restore, Disaster Recovery routines, Supplier Management and more.
What You will get: A Management System for enabling an efficient Business Continuity Planning for IT. A visual model of how your critical processes depend on Business Applications and Suppliers. An Internal Control Process for controlling compliance and ICT Readiness for Business Continuity. Contact us
GDPR-repository Innovate Security will facilitate a set of workshops where we will guide You through modelling of relevant information and where that information is stored and/or processed. Suppliers will be identified and relevant controls applied accordingly.
A treatment registry for GDPR Article 30 and a Data Protection Architecture will be defined and documented, enabling "Data Protection by Design" for your organisation.
What You will get: A visual treatment registry enabling compliance with GDPR Article 30. A security architecture enabling Data Protection by Design. A visual and effective documentation of where your personal data is processed and stored. Contact us
We believe that a good consultant is not only professional and skilled within his/her area of expertise; a good consultant also needs to have emotional and cognitive skills. Putting the Customer's needs first requires competence as well as a strong personality. Furthermore we also believe that one plus one becomes three when specialists from different domains cooperate in problem solving or in the creation of something new. We believe that we will be great consultants by: Focusing on effect! Being transparent! Putting the user first!
The biggest impact on your IT-security comes from taking the right decisions when designing your solutions in the first place. We at Innovate can help you design the best solution for your tasks, providing support with: Support your procurement process. Efficient governance of functional and non-functional demands. Design or detail optimal business processes.
Our Architects have expertise in high- and low-level architecture and can provide support within Enterprise Architecture initiatives, detailed process- and information modelling as well as designing service oriented and/or event driven system integrations.
sp|Our view on consulting Information security Successful implementations of Information Security Governance support the business in
Protecting assets worth protecting to a reasonable level of protection. Safeguarding business values by making people act reasonably. Making it possible for a safe return to business as usual, should anything go wrong.
Integrating Information Security as a natural part of other parts of the business is important for a successful implementation. Thus Innovate believes in cooperation and keeping the Management System for Information Security as simple as possible (but not simpler) in our projects. Example projects Contact us Architecture Contact us
System Development
Innovate Security has been working with external Software Development projects as well as our own development of our products. We believe in an agile approach with short, iterative deliveries and a continuous dialogue between the project team and the customer. We use the following technologies in our development: We have extensive experience in developing with Python, Elixir and Javascript. Our usual technology stack consists of either the Phoenix framework on Elixir or Django/Pylons/Pyramid/Flask on Python, with a React, Redux and D3 mix on top. We have experience working with different web-server related technologies such as Apache, nginx, Grafana and Postgres. We normally deploy in cloud environments, usually google compute engine or compute cloud.
Lastly, we of course use standard development tools to easily integrate into your development cycle, such as git, jira, jenkins, selenium, soapui, loadui as well as a series of different unit-testing libraries. Contact us
We support Avida Finans AB in developing a structured governance of Information Security and Compliance. Innovate supports Avida in creating an Information Security Management System aligned with ISO/IEC27000 and regulative requirements from the Swedish and the Norwegian Financial Supervisory Authority.
"An enormous relief!" - Fredrik Ljung, founder of Ljung & Sjöberg after Innovate helped them get control over their information security and upcoming GDPR regulation.
Innovate Security has helped Riksbyggen with the over-all solution architecture and detailed design of a large project that replaced legacy ERP-systems and renewed Riksbyggen's economical steering model and business processes.
sp|Stockholm Sweden +46 (0)8-520 277 95 © Innovate Security Sweden AB
It is now possible to lay out top level processes just as in the other process diagrams. It is now possible to select one or several activities in a process diagram, and move them to a new or existing subprocess. More pedagogical display of statements about security mechanisms on objects when security mechanisms are being provided by a security service. New users now get to see and accept our terms & conditions and privacy policy when activating their user accounts in ESM. Minor bugfixes. Fixed a problem that sometimes made it impossible to remove a connected information object from an organization.
sp|Admin Mar 18, 2020 1 min read Release 2.7.0 Improved process modelling functionality. Autocomplete suggestions for email when adding a new person. Corrected model health report on organizations handling sensitive personal data.
sp|Admin Mar 3, 2020 1 min read Release 2.6.4 Fixed performance issues in large models. Added functionality for administrator to set values for SMS OTP timeout.
sp|Admin Feb 16, 2020 1 min read Release 2.6.0 Improvements regarding Named Organizations, Search Filters, ISO/IEC 27001 and ISO/IEC27002 available in Swedish, creating a SOA for chapter 4-10 in ISO/IEC27001. It is not possible to add and edit new standards, e.g. It is now possible to add and edit any standard into ESM.
Any user-added standard can be used as the basis of a SOA; this is premium functionality only, and not included in the standard license. New hierarchical process-chooser simplifies connecting other things to processes (information objects, applications etc). Named documents can now be linked to any domain object.
st|Hotfix: confusing special case of information classification
sp|Admin Jan 23, 2020 1 min read Release 2-5-3 An information object inheriting attributes with lower classification also inherited their classification in the case when it did not have any attributes of its own.
st|Named Organizations RACI responsibilities for model assets Missing Statements Export list of Security Mechanisms provided by a Security Service Export to SVG
sp|Admin Jan 16, 2020 1 min read Release 2.5.0 A list of external organizations has been added under Resources. The fields for Controller, Processor(s) and Third party recipients of personal data have been changed from free-text to selected organizations from this list. Locations can now also be connected to these organizations. All assets in the model (processes, information objects, applications etc) now have four fields instead of the previous single field for Owner. It is now possible to specify who is Responsible, Accountable Owner, Consulted, and Informed for each asset. Users who are Responsible or Accountable for assets in the model will now see a list of missing statements of fulfillment that they need to answer on the start page. The list of Security Mechanisms that a Security Service provides can now be exported into a CSV list that includes levels and descriptions of the provided Security Mechanisms. This is particularly useful for Security Services that represent demands put on external service suppliers. The exported list can be used to communicate your demands and to collect answers from your suppliers.
It is now possible to export process diagrams as SVG images, by right-clicking in the diagram. A link to a dynamically updated version of the image is also generated. The static image can be saved and published anywhere, and the dynamic image can be embedded in an HTML page with , visible in a browser with an active ESM session.
st|Event History The start page now shows the following: ISO 27701 support PDF exports are available for the following reports and views: The left hand navigation tree and right hand navigation menu in diagram views can now be collapsed and hidden. Customizable session timeout Various minor improvements and bug fixes
sp|Admin Dec 17, 2019 1 min read Release 2.4.0 All changes (creations, updates and deletions) are stored and viewable either in a global history table or per object. Security Standard compliance summary; Objects owned by user; Latest changes; Latest changes pertaining to objects owned by user; Status of objects in the model; Status of personal data in the model. Support for Security Standard ISO 27701:2019, including Statement of Applicability, has been added. Security Mechanisms report; Statement of Applicability report; Any diagram view (accessible in right-click context menu). Session timeout can now be customized in the Admin Settings.
st|Language support Various minor fixes
sp|Admin Oct 30, 2019 1 min read Release 2.3.0 ESM is now available also in Swedish. The date a risk analysis was closed is now shown in the closed risk analysis table. Closing a risk analysis also requires a confirmation. More efficient and robust client-server communication. GDPR alternatives (legal grounds for processing personal data) are now shown with relevant information taken from GDPR articles. User profile settings. First login welcome pop-up.
st|Updates to risk module
sp|Admin Oct 17, 2019 1 min read Release 2.2.5 Assets and risks are now part of a selected risk analysis.
st|Live model updates for simultaneous users Bug fixes for session handling
sp|Admin Oct 1, 2019 1 min read Release 2.2.0 All updates a user makes in ESM are now immediately propagated to all other logged in users. Session time-out detection has been corrected, so that inactive users are logged out regardless of window focus, etc.
st|Demands & Statements on processes and documents Enhanced reporting
sp|Admin Sep 18, 2019 1 min read Release 2.1.0 Statement(s) of Applicability (of ISO 27000) can set demands for security controls on processes and documents. Levels of fulfillment can be stated for demanded security controls. Summary and drill-down report of fulfillment of security mechanisms. Summary and drill-down report of fulfillment relative to Statement(s) of Applicability of standards (ISO 27000).
st|New field, 'applicable law', in processing form Various bug/feature fixes
sp|Daniel Jul 5, 2019 1 min read ESM Release 1.9.5 Updated: Aug 8, 2019 When legal ground 'compliance with legal obligations' is selected, the applicable law can now be specified.
st|Various bugfixes
sp|Daniel Feb 1, 2019 1 min read Release 1.3.0
st|Revamped lists.
sp|Daniel Feb 1, 2019 1 min read Release 1.4.0
st|Enabled support for inherited information attributes
sp|Daniel Dec 14, 2018 1 min read Release 1.2.0 Security Services, which provide a number of Security Controls, can now be added to applications, devices, locations and processes.
st|Added Security Services
sp|Daniel Dec 4, 2018 1 min read Release 1.1.0 Various bugfixes, new functionality, and redesigned graphical user interface.
st|First non-beta release
sp|Daniel Nov 7, 2018 1 min read Release 1.0.0 Using Security Mechanisms is a way for organisations to detail how they interpret and intend to implement controls from standardized frameworks such as for example ISO 27000.
A Security Mechanism can be defined in two or more levels, depending on the security goals of handled information.
sp|Daniel Aug 16, 2019 1 min read Release 1.9.10
These General Terms and Conditions, along with the agreement documents that form part of the agreement on software services, constitute the ESM – Enterprise Security Models Agreement between the Customer and the Supplier. In this document, “ESM – Enterprise Security Models” is referred to as “the Service”.
Innovate Security applies payment terms of 30 days net. All prices are given in SEK and are exclusive of VAT. If the Customer does not pay promptly, Innovate Security has the right to charge late payment interest, as provided for by law. Innovate Security has the right to discontinue delivery after giving written notice to the Customer, until the Customer has paid off any outstanding debts and provided satisfactory security for payments for Innovate Security’s continued delivery.
The Customer is granted a time-limited, non-exclusive, non-transferrable right to use the Service in accordance with the Agreement. The Supplier is responsible for holding all rights to be able to provide the Service. The Customer is not granted any intellectual property right to any part of the Service or any third party right. The Customer may not copy or modify the Service or allow anyone else to do so. The Customer does not have the right to obtain the source code for the Service, nor may it research, change or modify it.
Intellectual property rights that appear as a result during the period of the agreement and that are not included in the intellectual property rights that belong to the Supplier or any third party shall be ceded to the Customer on termination of the agreement. The result may consist of the documentation and other material associated with the Agreement. The Supplier is responsible for ensuring that the Service does not infringe anyone else’s copyright or other right owing to usage in Sweden.
The Supplier shall defend the Customer at its own expense if a claim is made or legal action is pursued against the latter for infringement of copyright or other right on the grounds of usage of the Service in Sweden. This applies on condition that the Customer has used the Service in accordance with the Agreement and that the Supplier has been notified by the Customer in writing and within a reasonable time scale of claims or legal action initiated, and that the Supplier alone may decide how such legal action should be defended and conduct proceedings on settlement or conciliation.
The Supplier processes personal data in order to administer the Services in accordance with the Agreement and in compliance with the General Data Protection Regulation (EU) 2016/697 (the Regulation). The Customer gives consent for their personal data to be anonymised, so that traceability is not possible, to form the basis for marketing and customer analyses, business and methodology development and for statistical purposes at an aggregated level. In the event that one or more subcontractors are hired, the Supplier is responsible for these as well as for the Supplier’s own work, and the Supplier shall make sure that subcontractors process Personal Data in accordance with this Agreement and the Supplier’s instructions. The personal data the Supplier is given access to for the purposes stated in the Agreement will be processed in Sweden or within the EU/EEA. All suitable technical and organisational measures will be taken to protect the Customers’ personal data processed in the Service in compliance with the provisions of the PDA and the Regulation. Personal Data will not be disclosed to third parties. Upon termination of the Agreement, all processing of the Customer’s Personal Data shall cease and all data containing personal information shall be deleted or transferred to the Customer in accordance with a separate agreement, unless otherwise stipulated in other legislation.
The Supplier undertakes not to disclose to third parties confidential information that has been obtained or developed in connection with the Agreement, and not to use it for any other purpose than that of the Agreement. Confidential information refers in this provision to all information concerning the Agreement or the Customer’s activity - whether technical, commercial or otherwise - regardless of whether the information is documented in data media, in verbal or written form, except for: information that is publicly known or of which the public is made aware by other means than through breach of this provision, information that can be proven to be known before receipt from the Customer, information that is received or will be received from a third party without being subject to confidentiality in respect of the latter. A party does not have the right to use the other party’s company name for advertising or other marketing purposes without having obtained the prior written consent of the other party. The Supplier undertakes to ensure that its consultants comply with this provision on confidentiality. The duty of confidentiality will apply three (3) years after termination of the Agreement. If a party is prevented from fulfilling its obligations in accordance with the Agreement as a result of circumstances the party has had no control over and that it could not have been expected to predict at the time of entering into the Agreement, and the consequences of which it could not reasonably have avoided or overcome, this shall constitute grounds for release, which allows for a deferment of the agreed time scales for performance and release from liability for damages and any other sanctions. The party shall take reasonable steps to minimise the effects of such circumstances. 
A party wishing to be released from its obligations on the grounds of force majeure circumstances shall notify the other party of this in writing as soon as possible, stating what circumstances are being invoked and when the obstacle may be expected to be brought under control. A similar notification shall be given when the obstacle is brought under control. If force majeure circumstances continue for more than three (3) months, either party may terminate the Agreement in writing with immediate effect. Complaints in respect of the Agreement shall be made within a reasonable time scale after the party has been made aware, or should have been made aware, of what the complaint is based on, but at the latest within three (3) months after the termination of the Agreement. Complaints shall be made in writing. Amendments and additions to this agreement will only be valid if drawn up in writing and signed by both parties. A party does not have the right to transfer the Agreement without having obtained the written consent of the other party beforehand. All notifications or dispatches in respect of the Agreement shall be in writing. The notifications shall be deemed to have been received by the other party directly if they have been given in person. If they have been given by e-mail or post - two (2) working days after dispatch to the other party’s e-mail address or postal address at the latest: Either party may change the address to which or the person to whom all notifications, claims or other communications are sent or served in accordance with the Agreement, by sending a written notification to the other party from time to time. The Supplier is only liable for damage caused by the Supplier up to 50% of the total payment the Customer has made over the last twelve (12) months. The Supplier is not liable for loss of profit, expected savings, loss of income, loss of good will or similar, and nor for any consequential loss or other indirect loss. 
This limitation of liability does not apply in the case of breach of provisions “Intellectual Property Rights”, “Processing of Personal Data” and/or “Confidentiality”. The Supplier shall make sure that it has the required liability insurance. Either party has the right to give notice of immediate termination of this Agreement if the other party does not fulfil or neglects its obligations according to the Agreement and does not effect full rectification within fourteen (14) days after a written request to do so. A party has the right to suspend the Agreement with immediate effect if the other party has discontinued payments, initiated composition proceedings, entered into liquidation, been made bankrupt, is undergoing a restructuring or shows other clear signs of insolvency, or is prevented by law from fulfilling its obligations in accordance with this Agreement. This Agreement is governed by Swedish law. Disputes arising out of this Agreement will be resolved conclusively by arbitration administered by the Rules for Simplified Arbitration Proceedings of the Stockholm Chamber of Commerce Arbitration Institute. The venue for the arbitration proceedings shall be Stockholm. The language of the proceedings shall be Swedish. The arbitration proceedings invoked in accordance with this arbitration clause are subject to confidentiality. Confidentiality applies to all information that is given during the proceedings, as well as decisions or arbitration notified in connection with the proceedings. Information that is subject to confidentiality may not be passed on to a third party in any form without the other party’s written consent. The above provisions of this section do not, however, present any hindrance to a party in the exercising of its right to recover a clear and due debt in an ordinary court of law or through the agency of another competent authority. 
h5|1. General 2. Financial Terms 3. Licensing Right 4. Intellectual Property Rights 5. Processing of Personal Data 6. Confidentiality 7. Force Majeure 8. Complaints 9. Amendments and Additions 10. Transfer of the Agreement 11. Notifications 12. Limitation of Liability 13. Liability Insurance 14. Early Termination 15. Applicable Law and Disputes sp|General Terms and Conditions for ESM SaaS di|Access Control in SME's We want to share some thoughts on how SME's may work with a simple process for controlling access to IT Systems. Larger organisations... Beat the Cybersecurity Skills Shortage - excellent report by Tom Scholtz "Conventional wisdom dictates that an increase in cybersecurity threats requires ever-larger IT Security teams", the report provides some... SIS and Innovate launch SIS-ESM Innovate and SIS - Svenska Institutet för Standarder - are jointly launching SIS-ESM; a practical and efficient way of working with ISO... A summary of Information Security trends (3/3) Continuing our discussion on a few trends within Information Security, here are trend 5 and 6. You are free to use this information as... A summary of Information Security trends 2/3 Continuing our discussion on a few trends within Information Security, here are trend 2, 3 and 4. You are free to use this information as... A summary of Information Security trends (1/3) The purpose of Information Security is to protect organisation’s business and their employees. In order to prioritise investments and... Know your information! The “I” in IT stands for information. Still, most IT-departments focus only on the technology and software part, and not on the actual... How we think about UX or "God help me if this is a dud" Usually when we, we as "we in the it-industry", talk about User experiences we talk about it in the context of an application or website.... abc123, encryption your worst nightmare Encryption, the word indicates security, assurance, and trust. But encryption really means making information unavailable, so why are we... sp|Admin Dec 29, 2020 1 min read ESM release 3.5.0 Our December release, that we planned for the 22nd of Dec, was late and we were forced to leave the new authority model outside the release.
We were simply not sure that we had tested it enough; quality in delivery is vital for us so we decided not to release this but wait until the January release. Here is what we released in ESM version 3.5.0 sp|Admin May 25, 2020 1 min read ESM version 2.9.0 About a week late, but here it is, our latest release that improves work with templates greatly. st|Automated life cycle management for instances of ESM sp|Daniel Jun 25, 2019 1 min read ESM Release 1.9.0 st|Added OpenAPI 3.0 specification sp|Daniel May 15, 2019 1 min read ESM Release 1.7.3 The API can now be explored at the endpoints /api/openapi and /swaggerui. st|Slightly improved browser support; Consolidated the look of menus, tooltips and navigation trees; Processes now inherit the owner of their parent; Information, Application and Technology diagrams no longer automatically zoom out when objects are moved sp|Daniel Apr 26, 2019 1 min read ESM Release 1.7.1 You can now select (and drag) multiple diagram nodes by shift-clicking or dragging a rectangle while holding shift. The favicon (if available) from the first external link is now displayed as the tooltip icon on diagram nodes for applications, devices and locations. Node positions are now remembered between browser reloads. You can now move processes in the process tree. You can also create links to processes by dragging them from the tree into a diagram. You can now right-click domain-objects in lists, trees and diagrams to create a search filter.
st|Add multiple selection of diagram nodes; Display favicons from external links as tooltip icons; Remember diagram layout for information, application and devices & locations diagrams; Add drag and drop of processes in process tree and from process tree to process diagrams; Add quick-search for domain object sp|Daniel Apr 10, 2019 1 min read ESM Release 1.7.0 st|Add legal exception field for processing of special categories of personal data; Fix descriptive labels of information object associations in popup sp|Daniel Apr 2, 2019 1 min read ESM Release 1.6.3 st|Attributes can now be inherited via associations; Processes now display all processings and applications of their subprocesses sp|Daniel Mar 27, 2019 1 min read ESM Release 1.6.0 st|Added export function to all tables; Improved display of name and paths in process diagrams; Improved visibility of long object names in diagrams sp|Daniel Mar 13, 2019 1 min read ESM Release 1.5.2 st|Minor fixes sp|Daniel Mar 8, 2019 1 min read ESM Release 1.5.1 st|GDPR Reporting sp|Daniel Mar 6, 2019 1 min read ESM Release 1.5.0 di|You are Great, We Hire! We are looking for Information Security Specialists with 2-4 years of experience with practical work with Information Security. Do you... Innovate Security is ISO/IEC27001 certified We are proud to present our certificate Summer greetings from Innovate! The holidays start soon for many, and we want to take the opportunity to tell you a little about what has happened at our company during the first half of the year and what is...
sp|Admin Mar 10 1 min read ESM release v 3.8.0 During last week we released a new version of ESM. Try it out! sp|Admin Feb 19 1 min read ESM release v 3.7.0 Yesterday we released a new version of ESM, since we became one developer shorter we needed to reprioritise but all the same we managed to get really useful stuff out. Some of the new functionality has been requested from our customers; - the possibility to put a lifecycle status on Business Applications - new standards available on demand, EIOPA Guidelines and PCI-DSS - new statement reports Try it out! sp|Admin Sep 2, 2020 1 min read Welcome Anders Berg! Innovate Security welcomes Anders Berg as our Head of Professional Services!
Anders will be responsible for our "as a Service" portfolio; here is a link to Anders' LinkedIn profile: https://www.linkedin.com/in/anders1/ sp|Admin Mar 27, 2020 1 min read ESM moves to Sweden Now ESM has been moved to Devinix, an ISO/IEC27001 certified Cloud Provider. Devinix is also certified according to ISO/IEC9000 and ISO/IEC14000. st|Minor fixes in the risk identification module; New ISO standards in the 27000-series added sp|Admin Sep 7, 2019 1 min read Release 2.0.4 sp|Admin Oct 9, 2020 1 min read Welcome Anton Bjöörn Innovate Security has hired another brilliant developer! Anton is newly graduated from KTH and has a Master in Computer Science. Do you want to work in a team to help organisations work with Information Security? Are you proficient in Swedish and English? Do you live in Stockholm? Do you want to be a part of developing ESM, our digital Information Security Management System, and use it in your daily work? sp|Admin Dec 3, 2020 1 min read You are Great, We Hire! We are looking for Information Security Specialists with 2-4 years of experience with practical work with Information Security. Contact Tim for a discussion! Check this link for contact details: https://www.innovatesecurity.se/about-us st|Again, information security becomes Somebody Else's Problem, and everyone is happy. Until they are not. Information is a valuable core asset for most businesses People from different parts of the organisation need to cooperate to meet today’s challenges of information security To protect your information, you have to A simple high level information model is the best way to classify and know which information is worthy of protection sp|Daniel Apr 20, 2018 2 min read Know your information! Updated: Aug 8, 2019 The “I” in IT stands for information. Still, most IT-departments focus only on the technology and software part, and not on the actual information the IT-systems were built to handle in the first place.
It is often more or less explicitly stated that information ownership must lie with "the business side". So problems with actual data quality, or questions on the protection-worthiness of certain information, are conveniently transformed into everyone's favourite kind of problem - Somebody Else’s Problem. Likewise, business managers and top executives are seldom interested in going into any details of logical information models, or nerdy classifications of the information handled in their business processes. It is often assumed that more technical people on "the IT-side" take care of details like that. If you are the CIO of your company, you are the Chief Officer for your company’s information. Information, not technology, should be your main focus. How are you supposed to be accountable for information security breaches if you don’t have a good grip on what information your company actually handles? And which of that information is worthy of protection? To know your information you have to model it. Emailing a spreadsheet with a free-text column labeled “Information asset” and a few questions for Somebody Else to answer won’t cut it. Example: different types of customers For example - you most likely handle some sort of customers in your systems. Maybe you have both consumers and businesses as customers. And among your consumer customers, maybe some are more sensitive than others, or you need to differentiate military related customers from other businesses. In a case like that it is not useful to classify and protect all customer data equally. Instead you need to differentiate a hierarchy of different types of customer data. When for example executive management decides to outsource parts of operations, it is crucial that they know what information is affected. And whether that information is sensitive or worthy of protection or not. If they do not understand this, no layers of technical security like advanced encryption standards can protect your customers' information.
This can potentially have very severe consequences, as in the recent example of the scandalous where, so far, the general director has been convicted of a crime and two Swedish ministers lost their jobs. /Daniel Lilliehöök, Chief architect at em|Each type of customer would inherit its minimal classifications and demands from the more general customer definition. More special customer types can add higher security goals or extra compliance demands. Information security is too important to be Somebody Else’s Problem. If you willingly give away the key, it does not matter how strong the lock is. In summary; know your information sp|Admin Nov 17, 2020 1 min read Working with standards In this article published on LinkedIn we provide some examples on how ISO/IEC27000 may help you in implementing an Information Security Management System. https://www.linkedin.com/pulse/using-information-security-standards-anders-fristedt sp|Admin Jun 17, 2020 1 min read Release 3.0.0 deployed We have updated our support for ICT Readiness for Business Continuity. This is now a new module, without this module the IRBC-functionality is on a basic level. sp|Admin Apr 20, 2020 0 min read Release 2.8.0 is ready sp|Admin Nov 22, 2020 1 min read Access Control in SME's We want to share some thoughts on how SME's may work with a simple process for controlling access to IT Systems. Larger organisations often have dedicated systems, e.g. IAM systems and PAM systems, that smaller organisations may not afford.
https://www.linkedin.com/pulse/setting-up-governance-access-control-sme-anders-fristedt st|Filters of information objects now respect attributes inherited via associations sp|Daniel Apr 26, 2019 1 min read ESM Release 1.7.2 Updated: Aug 8, 2019 di|ESM release 3.5.0 Our December release, that we planned for the 22nd of Dec, was late and we were forced to leave the new authority model outside the... ESM version 3.4.0 is released Release 3.0.0 deployed We have updated our support for ICT Readiness for Business Continuity. This is now a new module, without this module the... ESM version 2.9.0 About a week late, but here it is our latest release that improves work with templates greatly. Release 2.8.0 is ready ESM moves to Sweden ESM is moved to Swedish ISO/IEC27001 certified Cloud Provider. Release 2.7.0 Improved process modelling functionality Top level processes are now possible to layout just as in the other process diagrams. It is now... Release 2.6.4 Fixed performance issues in large models. Added functionality for administrator to set values for SMS OTP timeout. Release 2.6.0 Improvements regarding Named Organizations, Search Filters, ISO/IEC 27001 and ISO/IEC27002 available in Swedish, creating a SOA for... Release 2-5-3 Hotfix: confusing special case of information classification An information object inheriting attributes with lower classification also... Release 2.5.0 Named Organizations A list of external organizations has been added under Resources. The fields for Controller, Processor(s) and Third... Release 2.4.0 Event History All changes (creations, updates and deletions) are stored and viewable either in a global history table or per object. The... Release 2.3.0 Language support ESM is now available also in Swedish. Various minor fixes The date a risk analysis was closed is now shown in the closed... Release 2.2.5 Updates to risk module Assets and risks are now part of a selected risk analysis.
Release 2.2.0 Live model updates for simultaneous users All updates a user makes in ESM are now immediately propagated to all other logged in users.... Release 2.1.0 Demands & Statements on processes and documents Statement(s) of Applicability (of ISO 27000) can set demands for security controls on... Release 2.0.4 Minor fixes in the risk identification module New ISO standards in the 27000-series added ESM 2.0 Major release with new fundamental functionality: Support for Risk Analysis with a simplified workflow based on ISO standards. Improved... Release 1.9.10 Security Mechanisms Using Security Mechanisms is a way for organisations to detail how they interpret and intend to implement controls... ESM Release 1.9.5 New field, 'applicable law', in processing form When legal ground 'compliance with legal obligations' is selected, the applicable law can... sp|Admin Jul 2, 2020 2 min read Summer greetings from Innovate! The holidays start soon for many, and we want to take the opportunity to tell you a little about what has happened at our company during the first half of the year and what is coming up this autumn. Looking back first, many interesting things have happened on both the product and the services side. ESM has developed at a rapid pace with new releases every month, and we have also moved the service to a Swedish-owned provider in Sweden to meet our customers' requirements regarding the Cloud Act. More information about all the new functionality is available here: On the services side we have continued to develop our concepts, and our monthly services are growing in revenue and popularity. For those who do not have their own information security function, buying a service can be very effective.
Even if you have an employed CISO or similar, it can be worthwhile to get support in the day-to-day work. We currently offer several variants of monthly services; feel free to contact us for more information. Information about what we mainly work with is available here: Looking ahead to the autumn, we have exciting things planned. As you may have seen, we have just released a module for ESM for managing continuity in an efficient way. We will release more modules shortly, as we believe this is a good way for our customers to choose for themselves which functions are most important. More information about the different modules is available here: The module for internal controls and own standards will be released in September, and the same applies to the finance module. In October we will also release a module that handles authorisation in ESM in more detail than today and also allows login via AD; more information will follow shortly. Have a nice summer! sp|Admin Nov 19, 2020 0 min read ESM version 3.4.0 is released sp|Daniel Sep 12, 2019 1 min read SIS and Innovate launch SIS-ESM Updated: Feb 22, 2020 Innovate and SIS - Svenska Institutet för Standarder - are jointly launching SIS-ESM; a practical and efficient way of working with ISO 27000. Read more. The Webinar will be recorded and used in future marketing and customer support activities. di|In this webinar experts from Innovate will show features and functionality in ESM with concrete examples. The Webinar will be recorded. In this webinar we will show how to work with classifications and information security architecture. Existing customers will be prioritised. 12 Apr 15:00 – 19:00 CEST Teams meeting h1|ESM Webinar - tips and tricks h2|Time & Location About the Event sp|Mon 12 Apr | Teams meeting The Webinar will be recorded and used in future marketing and customer support activities. di|In this webinar experts from Innovate will show features and functionality in ESM with concrete examples.
The Webinar will be recorded. We will show how to work with ICT Compliance with several frameworks and/or standards. Existing customers will be prioritised. 03 May 15:00 – 19:00 CEST Teams meeting h1|ESM Webinar - tips and tricks h2|Time & Location About the Event sp|Mon 03 May | Teams meeting sp|Innovate Blog Posts Feb 21, 2018 2 min read abc123, encryption your worst nightmare Updated: Aug 8, 2019 Encryption, the word indicates security, assurance, and trust. But encryption really means making information unavailable, so why are we so gullible about using encryption? In the light of the new data legislation, GDPR, encryption is the silver bullet for sending sensitive information around. There are tools to download that will help you to encrypt a file before sending it over e-mail or whatever. Many of these tools use password-based encryption, i.e. you provide the tool with a password and then press "encrypt". To be technical, this is PKCS #5/RFC 8018, password-based cryptography. In the specifications, you are instructed on how to program the tools to actually provide security. But a file protected with password-based cryptography is never more secure than its password. Consider a file encrypted with state-of-the-art cryptography with a 512-bit encryption key... generated by the password "abc123". How secure is that? So if you get the file you can create a small piece of software generating passwords to decrypt the file. Regardless of the choice of encryption algorithm or length of the encryption key, this file is not secure. But using the tool will provide the user with a false sense of security. On the other hand, if you provide the tool with a 60-character string of ASCII characters the encryption will be more secure. But how could you ever remember such a password? Encryption in this sense is too secure; you have essentially lost the file.
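An added example, not part of the original post: PBKDF2 as specified in RFC 8018 turns "abc123" into a 512-bit key, an audit check shows that the same key can be regenerated from a short list of common passwords, and a small estimator compares the effective strength of different password lengths. The iteration count, the guess rate and the five-entry password list are assumptions made for illustration.

```python
import hashlib
import hmac
import math
import os

KEY_BYTES = 64         # 512-bit key, as in the post's example
ITERATIONS = 100_000   # assumed PBKDF2 iteration count for this example
PRINTABLE_ASCII = 95   # size of the printable ASCII alphabet

# Constructed sample standing in for a real common-password dictionary.
COMMON_PASSWORDS = ["123456", "password", "abc123", "qwerty", "letmein"]


def derive_key(password: str, salt: bytes, iterations: int = ITERATIONS) -> bytes:
    """Derive a 512-bit key with PBKDF2-HMAC-SHA512 (PKCS #5 / RFC 8018)."""
    return hashlib.pbkdf2_hmac(
        "sha512", password.encode("utf-8"), salt, iterations, dklen=KEY_BYTES
    )


def random_password_bits(length: int, alphabet_size: int) -> float:
    """Entropy of a password chosen uniformly at random.

    For a human-chosen password this is only an upper bound.
    """
    return length * math.log2(alphabet_size)


def effective_bits(password_bits: float, key_bits: int = KEY_BYTES * 8) -> float:
    """Whoever holds the file searches the smaller space: passwords or raw keys."""
    return min(password_bits, key_bits)


def years_to_exhaust(bits: float, guesses_per_second: float) -> float:
    """Worst-case time to try every candidate at the given guess rate."""
    return 2.0 ** bits / guesses_per_second / (365.25 * 24 * 3600)


def key_in_dictionary(key: bytes, salt: bytes, candidates,
                      iterations: int = ITERATIONS) -> bool:
    """Audit check: can the key be regenerated from a list of known passwords?

    The salt is stored next to the ciphertext, so it is not a secret.
    """
    return any(
        hmac.compare_digest(derive_key(c, salt, iterations), key)
        for c in candidates
    )


if __name__ == "__main__":
    salt = os.urandom(16)
    weak_key = derive_key("abc123", salt)
    print(f"key length: {len(weak_key) * 8} bits")
    print("regenerated from a 5-entry dictionary:",
          key_in_dictionary(weak_key, salt, COMMON_PASSWORDS))

    rate = 1e6  # assumed guesses per second, after the PBKDF2 cost
    rows = [("abc123 (6 chars, a-z0-9)", random_password_bits(6, 36))]
    # 20, 30 and 40 are the minimum lengths in the post's tips; 60 is its long example.
    for n in (20, 30, 40, 60):
        rows.append((f"{n} random printable chars",
                     random_password_bits(n, PRINTABLE_ASCII)))
    for label, bits in rows:
        eff = effective_bits(bits)
        print(f"{label:28s} <= {eff:6.1f} bits, "
              f"{years_to_exhaust(eff, rate):.3g} years")
```

The bit counts are upper bounds that hold only for passwords generated at random; a password that appears in a public list is as weak as the list is short, whatever its length.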
So either a false sense of security or too much security resulting in lost information. Here is a set of tips for good habits when you use password-based encryption: 1. Check the tool you use. Be sure that it is really doing what it should; it might be a Trojan. 2. Use a good-enough password. Consider the time the file must be protected: is it 20 days, 20 months or 20 years? The password should match these requirements. 2.1 Low requirements on confidentiality (but high enough for using encryption!): use at least 20 characters. 2.2 Medium requirements on confidentiality: use at least 30 characters. 2.3 High requirements on confidentiality: use at least 40 characters. 3. Always distribute the password to the receiver in a secure manner; this should also reflect the above gradings: high requirements on confidentiality result in high requirements for distributing the password, etc. 4. Consider the Key Escrow problem: how should you behave in case of a lost password? Maybe you have a clear text copy of the file, or you store the password in a safe? 5. If your requirements are high enough, consider implementing a more reliable and secure cryptographic solution. 6. Ask the experts! So, go ahead and secure your files with cryptography, but do it in a safe and sound way! -- Anders Fristedt, Innovate Security sp|Admin Nov 15, 2020 1 min read Upcoming certifications for our customers! We are thrilled that several of our customers are ready for certification meetings in the upcoming 1-2 months. They are all using ESM - Enterprise Security Modeller as their digital Information Security Management System (ISMS). Some of them have also chosen to use our "Compliance as a Service" for maintaining the ISMS. The auditors are very positive about using ESM as a digital ISMS and are all looking forward to upcoming reports from ESM. sp|Admin Mar 17 1 min read UPDATED - Network problems in production environment 11:05 - Our IT partner has solved the problem.
The disturbances were connected with their core routers.
We are experiencing intermittent network problems in the ESM production environment. The first problem occurred at approximately 08:40 and was solved at 08:45. Unfortunately it has returned three times since then. We are sorry for the inconvenience and are working with our IT partner to solve the problem as soon as possible.

sp|Admin Jul 4, 2020 1 min read
Innovate Security is ISO/IEC27001 certified
We are proud to present our certificate

sp|Admin May 4, 2020 1 min read
ArkivIT and Innovate Security in partnership
ArkivIT and Innovate Security start a partnership for supporting customers within Information Security and Compliance. See more here: https://www.linkedin.com/posts/tim-s%C3%B6nderskov_arkivit-och-innovate-security-startar-samarbete-activity-6663042716902973440-fsYw

Translated from Swedish: ArkivIT and Innovate Security start a partnership for efficient service delivery of information security! ArkivIT is a knowledge company in archive and information management, and offers, among other things, consulting services in information security and Data Protection Officer as a service. Innovate Security develops products and services to simplify and streamline work with information security and regulatory compliance. Among other things, the partnership enables ArkivIT to use Innovate's product ESM as part of its delivery to its customers. ESM is a tool for getting an overall picture of an organisation's information security and measuring compliance. ArkivIT also gets its own version of ESM, with the ability to control parts of the content in order to create new offerings for its customers.

”We have put a lot of focus on developing packaged consulting services in data protection and information security, and ESM is a perfect fit for further strengthening the delivery of these services. I am convinced that we, Innovate and our customers will get great value from the partnership” Daniel Setterwall, CEO ArkivIT

”ArkivIT is a perfect partner for us; we can learn a lot from their expertise in service delivery and create a strong offering together” Tim Sönderskov, CEO Innovate Security

- Create a forum where IT-architects and business architects may discuss the impact of Cloud for the organization.
- Create regular reviews of the Cloud Services used and make sure that relevant security requirements are followed up yearly.
- Work actively with the GRC-team, Governance, Risk and Compliance, involve DPO and Information Security to create cross references between these domains.
- Create a clear ownership of business processes and IT-systems.
- Build an Information Security Architecture based on international standards, e.g. ISO/IEC27000, and best practices.
- Review the efficiency of the security mechanisms regularly, e.g. “red team tests”, “penetration tests” or similar.
- Involve domain experts when designing new systems or when upgrading systems and review the overall security.
- Implement regular internal controls, Key Performance Indicators or Key Risk Indicators that indicate the efficiency of the security mechanisms.

sp|Admin Aug 13, 2019 2 min read
A summary of Information Security trends (3/3)
Continuing our discussion on a few trends within Information Security, here are trends 5 and 6. You are free to use this information as you wish, but please mention Innovate Security as the source, please refer to Creative Commons CC BY 4.0

5. Cloud Security strategy and controlling suppliers
As with all companies that take steps towards Cloud, organisations need to work with important strategic and tactical challenges. Which applications/solutions should be Cloud and which should not? Again, Business Development and the IT Architects need to cooperate to develop tactical and strategic solutions and road maps.
Once this discussion is ongoing, the GRC team needs to be involved to implement necessary controls and influence specific choices of solution patterns etc. (before they are implemented). Cloud solutions will solve certain information security risks, but will introduce new ones. Specifically, a Cloud solution will, in general, be more resilient and thus simplify the work with Business Continuity. Note that a Cloud solution does not solve Business Continuity by default; the organization still needs to drive this internally and work on it regularly. Cloud solutions will also pose a challenge for organizations that are under supervisory controls, e.g. the Financial market. There is evidence that many organizations seek to certify themselves in order to make the supervisory control more efficient. Specifically, the Swedish supervisory authority Spelinspektionen, controlling gaming, has explicitly stated that compliance with ISO/IEC27000 will be sufficient for complying with specified chapters in their regulations.
What to do:

6. Complexity of organisations’ technical security mechanisms and processes will itself become a security threat
The Security market comes up with new products to counter the attacks, but there has been increasing evidence that the complexity of technical protection, i.e. Security products, makes security updates impossible for the products they are intended to protect. Thus, continuing to build a patchwork of IT-security gizmos will not increase security indefinitely; there is a need to focus on orchestrating the different security mechanisms. In some cases security might even increase by removing a specific security mechanism. As a support for building efficient security controls, consider the following principles:
- Security should be easy to use; if security mechanisms are complex and hard to use, people will find ways around them.
- Security by obscurity is almost always bad; security solutions should stand up to peer review.
- Avoid the “Security Gap”, i.e. it is better to have a known level of security (even if it is low) than to believe that you have high security when you haven’t.
What to do:
This concludes Innovate Security's summary of six of the trends within Information Security.

- Work with Information Security Awareness.
- Implement Information Security requirements in the purchase process.
- Introduce standardised IT-solutions and security patterns and use them...always.
- Involve IT-architects early in business development.
- Work with Disaster Recovery and Business Continuity.
- Identify your organization’s Crown Jewels
- Identify ownership of information, processes and IT-systems
- Connect Privacy, IT-architecture and Information Security
- Include ”AI” in the business development
- Create a forum where IT-architects and business architects may discuss the impact of a future AI program for the organization. Include the GRC-team in the discussions.

sp|Admin Aug 13, 2019 2 min read
A summary of Information Security trends 2/3
Updated: Aug 16, 2019
Continuing our discussion on a few trends within Information Security, here are trends 2, 3 and 4. You are free to use this information as you wish, but please mention Innovate Security as the source, please refer to Creative Commons CC BY 4.0

2. More incidents, the attackers get more clever
The list of companies and organizations that have been successfully hacked gets longer each year. Worth mentioning is the attack on Norsk Hydro (ransomware attack with a cost of €40 million). All organizations need to acknowledge that everyone is a potential target. With the continuing speed of digitalisation and Time To Market requirements, security is still not sufficiently prioritised. This will have a significant impact on the cost when a breach hits; it is very expensive to fix things after a breach.
What to do:

3. More focus on Data Protection, i.e. Privacy
The work done with GDPR during 2018 is starting to show the need for a second wave of activities.
Most companies (note that many companies didn’t do anything) are starting to understand that GDPR is here to stay – we need to have an effective way of working with data repositories, incident processes etc. The need to involve IT, Information Security and the Business is evident; you need to have control of the Crown Jewels, i.e. your important/valuable data, within the company. Where do we store important data? What systems are managing the data? What is the connection between the data, the processes and the IT-systems? The companies that evolve an efficient data-centric architecture will also be more successful in protecting their data and complying with specific regulations, e.g. GDPR.
What to do:

4. ”Artificial Intelligence” will be used both by attackers and defenders
Today ”true” implementations of AI are still rare; AI is a ”suitcase term”, which can be used to describe a large variety of things ranging from advanced statistical analysis to Natural Language Processing and Deep Learning algorithms. Many implementations of AI will focus on identifying anomalies and patterns, something that is hard for a person to do, e.g. log analysis, identifying patterns within network traffic, anomalies in usage of a specific application etc. Of course, attackers may also use AI in order to perform even more advanced attacks. The ”dark side” will always be one step ahead. In order to be prepared for this, organizations ought to have a broad knowledge of what AI is, how it may be used in the organization and how to adapt the current business and IT architecture. It is hard to give any specific advice.
What to do:
In the next post we discuss trends 5 and 6.

- Compliance is similar to buckling up, it’s the law
- IT-Security is like safe driving, full of ifs and buts.

- More regulations, more detailed regulations.
- More incidents, the attackers get more clever.
- More focus on Data Protection, i.e. Privacy.
- Different implementations of ”Artificial Intelligence” will be used both by attackers and defenders.
- The need for a Cloud Security strategy will increase, as will the need for controlling suppliers.
- Complexity of organisations’ technical security mechanisms and processes will itself become a security threat.

- Get ”order in the house”. A good way for organisations to do this is to use Business Continuity as a vehicle to increase the transparency and awareness of the connection between processes, information objects (i.e. the Crown Jewels) and IT-systems.
- Work actively with the GRC-team, Governance, Risk and Compliance, involve DPO and Information Security to create cross references between these domains.
- Create a clear ownership of business processes and IT-systems.
- Create a mandatory update period of documentation each year.

sp|Admin Aug 13, 2019 2 min read
A summary of Information Security trends (1/3)
Updated: Aug 16, 2019
The purpose of Information Security is to protect organisations’ business and their employees. In order to prioritise investments and resources it is important to understand the correct level of protection mechanisms that ought to be required and to understand the threats relevant for each organisation. Of course this information is specific to different organisations, but there is some general information that is of interest for most organisations. This report summarises a few major trends within the Information Security community and what organisations should do to protect themselves. We want to make this available for all of our customers in order to contribute to a safer Internet! You are free to use this information as you wish, but please mention Innovate Security as the source, please refer to Creative Commons CC BY 4.0

Do not confuse Compliance and IT-Security
Before we start with the report it might be important to mention that you should not confuse Security Compliance (e.g. with a set of regulations or frameworks) with being secure and implementing a more technical perspective of Information Security, e.g. IT-security.

Six trends within Information Security
The trends have been identified on several Information Security forums and blogs along with several more. This is a distillation of many different information sources and our own view of how to build efficient and effective Information Security Architecture.

1. More regulations, more detailed regulations
Following the year of GDPR (2018) we have seen more detailed and comprehensive regulations, e.g. EBA/GL/2019/02. Many believe that this trend will continue as a consequence of the fact that companies seldom do what is necessary without regulations. Most companies lack simple ”order in the house” kind of things, such as knowing where their valuable information is, what processes are connected with what IT-systems and what security controls to implement where. The regulators see this lack of control and will therefore be forced to increase the granularity of the regulations and controls. The organisations will therefore be forced to cope with more detailed revisions and controls, which will require more control, documentation and “order in the house”.
What to do:
In the next post we continue with trends 2-4...

sp|Innovate Blog Posts Feb 21, 2018 2 min read
How we think about UX or "God help me if this is a dud"
Updated: Aug 8, 2019
Usually when we, we as "we in the IT industry", talk about User experiences, we talk about it in the context of an application or website. The user did this and then that, and this was the result and/or feeling at this point. I don't agree with that. A User experience is the totality of interaction with the product. If you are using a product but run into problems and call customer service, then them talking you through your problem is a part of your user experience. When you are going to training for a product, that is a part of your user experience.
When you are taking data from an application into something else, that is also your user experience.

Take the propaganda poster above. We think of the grenade as relevant only when it is about to be used, but the guy using it would have been burdened with it for days, perhaps even weeks or months. It had to be of high enough quality to not malfunction day to day (in the worst case with catastrophic failure) and small enough to not get in the way. His user experience would have lasted for a long time. And it does not end there: if we look at it on a large scale, the grenade needs to be able to co-exist with other things, and it needs to be easy and cheap to work with within the eco-system of production and logistics. In a large enough space, a simple thing like an extra step in the device can determine whether your people get their work done in time or not.

That is a user experience at its most extreme, but exchange the word grenade in the previous two paragraphs for whatever software the company you work in is mainly using and I think you see my point. At Innovate we have these retroreflective strips that we hand out to people (give me a heads up and we'll mail one to you); in a sense even this is part of our User Experience or User Journey. It is not only what you do, but what kind of feelings you associate with and bring into a situation. So, think about the whole journey for your users when it comes to their user experience.

sp|Admin Feb 5, 2020 1 min read
Beat the Cybersecurity Skills Shortage - excellent report by Tom Scholtz
Updated: Feb 22, 2020
"Conventional wisdom dictates that an increase in cybersecurity threats requires ever-larger IT Security teams"; the report provides some insights into how to manage the ever-increasing need for efficient work with Information Security and IT-security. We believe that expert systems and collaborative tools, such as our own ESM - Enterprise Security Modeller, will help organisations in managing cybersecurity risks.
But regardless of whether you are using ESM or not, you should read the report: